
AVG continues to detect same threat


12 replies to this topic

#1 ohsosmooth75

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:57 AM

Posted 10 November 2015 - 10:06 AM

Hello friends. Hopefully this is the right forum for this question? My AVG has been detecting the same threat about every half hour for two days now. It says:

 

Suspicion: Unknown virus.exe.com

Object name: downloads.dell.com/FOLDER03163439M/1/ZPS_8700_BIOS_A11.EXE

 

I'm running Windows 8.1 on a Dell computer. 

 

If anyone can offer any advice on how to resolve this problem I would appreciate it!





#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:57 AM

Posted 10 November 2015 - 10:16 AM

Hi ohsosmooth75 :)

This is a false positive on Dell's website. The URL returns a 404 error message, probably because it's wrong. It should be XPS and not ZPS.
downloads.dell.com/FOLDER03163439M/1/XPS_8700_BIOS_A11.EXE
Entering the link below in your web browser will trigger a download for a BIOS update for the XPS 8700 computers (Revision A11). My guess is that you have a Dell program running that is trying to query the driver for download but can't because it doesn't exist anymore. Most likely a Dell OEM software.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:57 AM

Posted 10 November 2015 - 10:53 AM

Ok I put the new link in my browser and downloaded the BIOS update. After restarting my computer, AVG is still detecting the threat but with a change from ZPS to XPS:

 

Suspicion: Unknown virus.exe.com

Object name: downloads.dell.com/FOLDER03163439M/1/XPS_8700_BIOS_A11.EXE

 

Any other ideas/suggestions?

 

Thanks!



#4 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:57 AM

Posted 10 November 2015 - 10:55 AM

This is a FP coming from AVG. I would submit it to them, or whitelist the domain dell.com (since it's a safe website).

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:57 AM

Posted 10 November 2015 - 11:48 AM

Tried whitelist idea but that didn't work. Contacted AVG and they recommended I turn off my notifications. *sigh*



#6 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:57 AM

Posted 10 November 2015 - 11:50 AM

Sigh, AVG. Alright, let's see what program could be calling that URL.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:57 AM

Posted 10 November 2015 - 11:55 AM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Brad (administrator) on 10-11-2015 at 11:54:07
Running from "C:\Users\Brad\Downloads"
Microsoft Windows 8.1  (X64)
Model: XPS 8700 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Dell Wireless 1703 802.11b|g|n (2.4GHz) = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Brad
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : BaxterUSA
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-85-56-31-7E-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : BC-85-56-31-7E-D4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : BaxterUSA
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : B8-CA-3A-87-4F-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::70db:8150:3468:fc3%5(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.198(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, November 10, 2015 10:39:00 AM
   Lease Expires . . . . . . . . . . : Tuesday, November 17, 2015 10:39:00 AM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 364431930
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-54-06-24-BC-85-56-31-7E-D3
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Dell Wireless 1703 802.11b|g|n (2.4GHz)
   Physical Address. . . . . . . . . : BC-85-56-31-7E-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.BaxterUSA:
 
   Connection-specific DNS Suffix  . : BaxterUSA
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:10.0.0.198%9(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 184549376
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-54-06-24-BC-85-56-31-7E-D3
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Local Area Connection* 3:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24dd:3685:f5ff:ff39(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::24dd:3685:f5ff:ff39%7(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 167772160
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-54-06-24-BC-85-56-31-7E-D3
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  baxterouter
Address:  10.0.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4009:80b::200e
 216.58.216.206
 
 
Pinging google.com [216.58.216.206] with 32 bytes of data:
Reply from 216.58.216.206: bytes=32 time=245ms TTL=52
Reply from 216.58.216.206: bytes=32 time=171ms TTL=52
 
Ping statistics for 216.58.216.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 171ms, Maximum = 245ms, Average = 208ms
Server:  baxterouter
Address:  10.0.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=228ms TTL=47
Reply from 98.138.253.109: bytes=32 time=217ms TTL=47
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 217ms, Maximum = 228ms, Average = 222ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...1e 85 56 31 7e d3 ......Microsoft Wi-Fi Direct Virtual Adapter
  6...bc 85 56 31 7e d4 ......Bluetooth Device (Personal Area Network)
  5...b8 ca 3a 87 4f d8 ......Realtek PCIe GBE Family Controller
  3...bc 85 56 31 7e d3 ......Dell Wireless 1703 802.11b|g|n (2.4GHz)
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.198     10
         10.0.0.0    255.255.255.0         On-link        10.0.0.198    266
       10.0.0.198  255.255.255.255         On-link        10.0.0.198    266
       10.0.0.255  255.255.255.255         On-link        10.0.0.198    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.0.0.198    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.0.0.198    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:9d38:90d7:24dd:3685:f5ff:ff39/128
                                    On-link
  5    266 fe80::/64                On-link
  7    306 fe80::/64                On-link
  9    266 fe80::5efe:10.0.0.198/128
                                    On-link
  7    306 fe80::24dd:3685:f5ff:ff39/128
                                    On-link
  5    266 fe80::70db:8150:3468:fc3/128
                                    On-link
  1    306 ff00::/8                 On-link
  5    266 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/09/2015 09:27:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: DellDataVault.exe, version: 4.0.0.0, time stamp: 0x555f5ce7
Faulting module name: combase.dll, version: 6.3.9600.17415, time stamp: 0x545044f9
Exception code: 0xc0000005
Fault offset: 0x00000000000394ca
Faulting process id: 0x211c
Faulting application start time: 0xDellDataVault.exe0
Faulting application path: DellDataVault.exe1
Faulting module path: DellDataVault.exe2
Report Id: DellDataVault.exe3
Faulting package full name: DellDataVault.exe4
Faulting package-relative application ID: DellDataVault.exe5
 
Error: (10/19/2015 08:06:50 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Customer Connect -- Error 1939. Service 'Dell Customer Connect' (Dell Customer Connect) could not be configured.  This could be a problem with the package or your permissions. Verify that you have sufficient privileges to configure system services.
 
Error: (10/19/2015 08:06:50 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Customer Connect -- Error 1923. Service 'Dell Customer Connect' (Dell Customer Connect) could not be installed.  Verify that you have sufficient privileges to install system services.
 
Error: (10/13/2015 10:37:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 12.0.6727.5000, time stamp: 0x55a551e0
Faulting module name: wwlib.dll, version: 12.0.6727.5000, time stamp: 0x55a552c0
Exception code: 0xc0000005
Fault offset: 0x00025a74
Faulting process id: 0x2464
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
Faulting package full name: WINWORD.EXE4
Faulting package-relative application ID: WINWORD.EXE5
 
Error: (08/11/2015 01:04:17 PM) (Source: Application Hang) (User: )
Description: The program WINWORD.EXE version 12.0.6726.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 23ec
 
Start Time: 01d0d4351882ea4c
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
 
Report Id: 597cbeb6-4053-11e5-bed8-bc8556317ed4
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/24/2015 12:17:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Plug-ins\Common\DVControl,type="win32",version="1.0.0.0"1".
Dependent Assembly Plug-ins\Common\DVControl,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/22/2015 07:44:27 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1710
 
Start Time: 01d0ace8737347d4
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 6a3cdaa0-18dc-11e5-bed0-bc8556317ed4
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/22/2015 07:43:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: DellDataVault.exe, version: 3.9.4.0, time stamp: 0x54ef437b
Faulting module name: combase.dll, version: 6.3.9600.17415, time stamp: 0x545044f9
Exception code: 0xc0000005
Fault offset: 0x00000000000394ca
Faulting process id: 0x1ac8
Faulting application start time: 0xDellDataVault.exe0
Faulting application path: DellDataVault.exe1
Faulting module path: DellDataVault.exe2
Report Id: DellDataVault.exe3
Faulting package full name: DellDataVault.exe4
Faulting package-relative application ID: DellDataVault.exe5
 
Error: (06/10/2015 12:03:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Plug-ins\Common\DVControl,type="win32",version="1.0.0.0"1".
Dependent Assembly Plug-ins\Common\DVControl,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/05/2015 10:20:20 AM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
 
System errors:
=============
Error: (11/10/2015 10:36:50 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (11/06/2015 08:55:29 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer BRIAN-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1FA5BA3C-E97E-4473-AB96-540F9F8202AE}.
The master browser is stopping or an election is being forced.
 
Error: (11/05/2015 11:13:57 AM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x200000002d418.  The name of the file is "<unable to determine file name>".
 
Error: (11/05/2015 10:30:33 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:08:46 AM on 11/5/2015 was unexpected.
 
Error: (11/05/2015 10:08:20 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GRAPHICS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1FA5BA3C-E97E-4473-AB96-540F9F8202AE}.
The master browser is stopping or an election is being forced.
 
Error: (11/04/2015 08:58:46 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer HAWAII
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1FA5BA3C-E97E-4473-AB96-540F9F8202AE}.
The master browser is stopping or an election is being forced.
 
Error: (11/03/2015 11:02:47 AM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
 
The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x200000002d418.  The name of the file is "<unable to determine file name>".
 
Error: (11/03/2015 08:55:53 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (11/03/2015 08:55:18 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (11/02/2015 02:10:16 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer SUSANNE-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1FA5BA3C-E97E-4473-AB96-540F9F8202AE}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (10/13/2015 10:37:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6727.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4815 seconds with 2460 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)
Aspera Connect 3.5.2.97180 (HKCU\...\Aspera Connect 3.5.2.97180) (Version: 3.5.2.97180 - Aspera, Inc.)
Aspera Connect 3.5.2.97180 (HKLM-x32\...\{C43D312D-5D1E-44A5-AA2F-FE31ED501CD8}) (Version: 3.5.2.97180 - Aspera, Inc.) Hidden
AVG 2013 (HKLM\...\{6F832662-4151-432A-AEEB-6AD63C935DAD}) (Version: 13.0.3544 - AVG Technologies) Hidden
AVG 2013 (HKLM\...\{DA405934-E2BD-42CF-923C-29FDE6546104}) (Version: 13.0.4447 - AVG Technologies) Hidden
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3544 - AVG Technologies)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.9.0.231 - AVG Technologies)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DriverUpdate (HKLM-x32\...\{28DEDA44-EDCB-43C8-A1FB-E94B56A9E06F}) (Version: 2.2.36927 - SlimWare Utilities, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.6 - Dropbox, Inc.)
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
NVIDIA 3D Vision Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 326.60 - NVIDIA Corporation)
NVIDIA Graphics Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version: 2.5.11 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C2300}) (Version: 12.35.0.284 - APN, LLC)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony SxS UDF driver (HKLM-x32\...\{D4499B3C-3036-4667-8827-DEB4DA53ECD6}) (Version: 2.0.1.1 - Sony Corporation)
SxS device driver (HKLM-x32\...\{D2D8328B-F031-4F69-8621-250701844E9A}) (Version: 1.01.00000 - Sony Corporation)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
XDCAM Browser 1.2 (HKLM-x32\...\{BD65C375-CA85-4CDE-A599-7B2EDD424C31}) (Version: 1.2.0.242 - Sony Corporation)
XDCAM EX Clip Browser (HKLM-x32\...\{D26F7C78-E2D7-49AB-8E64-53CB8AE99074}) (Version: 2.06.201 - Sony Corporation)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 24%
Total physical RAM: 12237.73 MB
Available physical RAM: 9278.64 MB
Total Virtual: 14093.73 MB
Available Virtual: 10814.58 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:917.92 GB) (Free:735.29 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BRAD
 
Administrator            Brad                     Guest                    
UpdatusUser              
 
 
**** End of log ****


#8 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:02:57 AM

Posted 10 November 2015 - 12:07 PM

AVG suggested turning off notifications?  AVG prime or a 3rd party representing AVG?  I'm wondering if it's time to change anti-virus programs  :)


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#9 ohsosmooth75

ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:57 AM

Posted 10 November 2015 - 12:14 PM

I posted on the AVG Help Message board. The person replying was listed as customer support for AVG. Could very well be a 3rd party.  



#10 ohsosmooth75

ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:57 AM

Posted 10 November 2015 - 12:18 PM

The person also told me the problem is either the threat is not being removed successfully or my automatic downloads are trying to download the same file repeatedly, and I should get back to them once I figure out which it is! :)



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:57 AM

Posted 10 November 2015 - 01:15 PM

Your AVG installation is outdated. I suggest you uninstall it, then download and install the latest version of AVG Free (that is, if you want to keep on using it).

http://free.avg.com/us-en/homepage

Be sure to opt out of any offer they have in their installer. Also, uninstall the following programs:
  • AVG SafeGuard Toolbar - Not needed;
  • DriverUpdate - See warning below;
  • Java 7 Update 79 - Outdated;
  • Search App by Ask;
Driver Updater Warning!
I see that you are using a "Driver Updater" program. I strongly advise you to uninstall it/them and to never use such programs again since they can damage your system at a point where a reinstallation of Windows might be needed.
  • Drivers are "middlemen" between your OS (Windows) and your hardware (computer). They control and facilitate the interaction between Windows and hardware components, to deliver a "message", nothing more;
  • Having all of your drivers up to date, all the time, will not improve the performance of your system, nor your computer. You cannot increase the hardware performance of a component over the current capabilities it has;
  • Driver updates are released to fix a bug or an issue with a previous release of that driver. Not everyone with the same drivers will experience the issue, so if you are having no problems with the drivers you are running, you don't need to update them. "If it's not broken, don't fix it";
  • You can download drivers for free from your computer/laptop manufacturers website, or from the hardware component manufacturers website. You don't need to pay for any of them, if you are being asked to pay for drivers it is likely a scam;
  • Only drivers from the computer/laptop manufacturers website, or the hardware component manufacturers website are considered official (legitimate and working). You should not download drivers from anywhere else;
  • Driver Updaters are a scam, they try to convince you that you need these programs in order to make your system perform well, which is false;
  • It has been tested and proven that these programs will detect outdated drivers on a system that has the most updated drivers from the manufacturer, which shows that they don't work and/or they try to make you install "newer" suspicious drivers;
  • The goal of the distributors of such programs is to make money by making you buy their useless product, or install additional software (PUPs) when you install their program. Your system will perform worse with these programs installed than without;
This being said, such programs could be seen as "pure scam" and should be avoided at all cost.

Here are some articles that talk about Driver Updater programs and why they shouldn't be used:

Let me know once it's done.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

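The uninstall list in the reply above is normally built by hand from the poster's installed-programs log. As an added example (not code from this thread, from AVG, or from the tool that produced the log), here is a small Python parser for lines in that log's format, `Name (HIVE\...\Key) (Version: X - Publisher)`, with flag rules matching the four kinds of software named above: the Ask search app, browser toolbars, "driver updater" products and an outdated Java runtime. The sample input mixes four lines copied from the log earlier in this thread with three constructed stand-ins (placeholder keys and publisher, not from the poster's machine); `CURRENT_JAVA_MAJOR = 8` is an assumption based on the thread's date.

```python
"""Triage an installed-programs listing in the format of the log posted in this thread.

Each line looks like:
    Name (HIVE\\...\\Key) (Version: X - Publisher)
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One log line: name, registry hive, uninstall key, version, publisher.
# The name may itself contain parentheses (e.g. "(KB967642)"), so it is
# matched lazily up to the first " (HKLM..." / " (HKCU..." group.
LINE_RE = re.compile(
    r"^(?P<name>.+?) "
    r"\((?P<hive>HKLM-x32|HKLM|HKCU)\\\.\.\.\\(?P<key>[^)]+)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*)\)$"
)

# Assumption: Java 8 was the current major release when this thread was
# written (November 2015); anything older is reported as outdated.
CURRENT_JAVA_MAJOR = 8


@dataclass
class Entry:
    name: str
    hive: str
    key: str
    version: str
    publisher: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a well-formed program line, None for anything else."""
    m = LINE_RE.match(line.strip())
    return Entry(**m.groupdict()) if m else None


def parse_log(text: str) -> List[Entry]:
    """Parse every program line in the text, skipping headers and blanks."""
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(e)
    return entries


def flag(e: Entry) -> List[str]:
    """Reasons to remove this entry, following the advice in the reply above."""
    reasons: List[str] = []
    if re.search(r"\bAsk\b", e.name) or e.publisher == "APN, LLC":
        reasons.append("Ask search app (PUP)")
    if re.search(r"toolbar", e.name, re.IGNORECASE):
        reasons.append("browser toolbar (not needed)")
    if re.search(r"driver\s*updat", e.name, re.IGNORECASE):
        reasons.append("driver updater (see the warning above)")
    m = re.match(r"^Java (\d+) Update (\d+)$", e.name)
    if m and int(m.group(1)) < CURRENT_JAVA_MAJOR:
        reasons.append(f"outdated Java {m.group(1)} (current major is {CURRENT_JAVA_MAJOR})")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map program name -> reasons, for every flagged entry in the log text."""
    result: Dict[str, List[str]] = {}
    for e in parse_log(text):
        reasons = flag(e)
        if reasons:
            result[e.name] = reasons
    return result


# Sample input. The first four lines are copied from the log earlier in this
# thread; the last three are constructed stand-ins for the programs named in
# the reply above (placeholder uninstall keys and publisher, not real data).
SAMPLE_LINES = [
    r"Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C2300}) (Version: 12.35.0.284 - APN, LLC)",
    r"Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)",
    r"Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)",
    r"VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)",
    r"AVG SafeGuard Toolbar (HKLM-x32\...\{00000000-0000-0000-0000-000000000001}) (Version: 0.0.0 - constructed)",
    r"DriverUpdate (HKLM-x32\...\{00000000-0000-0000-0000-000000000002}) (Version: 0.0.0 - constructed)",
    r"Java 7 Update 79 (HKLM-x32\...\{00000000-0000-0000-0000-000000000003}) (Version: 7.0.790 - constructed)",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Paste the whole log into `triage()` and it reports only the flagged entries; the regex tolerates an empty version field (as in the Office update line) and names that contain parentheses, and ignores section headers and blank lines.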

#12 ohsosmooth75

ohsosmooth75
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:02:57 AM

Posted 10 November 2015 - 03:46 PM

Your advice seems to have worked. It's been hours since my last notification from AVG. Thanks, Aura for your help!



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 10 November 2015 - 03:51 PM

No problem ohsosmooth, you're welcome :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


